CVE-2014-0093 - OpenCVE

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Enterprise Application Platform

Configuration 1 [-]

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-0343.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0344.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0345.html	Vendor Advisory
http://secunia.com/advisories/57675	Vendor Advisory
http://www.securityfocus.com/bid/66596

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-03T15:00:00

Updated: 2017-01-04T17:57:01

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0093

JSON object: View

NVD Information

Status : Modified

Published: 2014-04-03T16:15:12.127

Modified: 2017-01-07T02:59:16.060

Link: CVE-2014-0093

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D9B1401-1FBD-442A-9055-A270BF1A1244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions."}, {"lang": "es", "value": "Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, cuando utiliza un Java Security Manager (JSM), no aplica debidamente permisos definidos por un archivo de pol\u00edtica, lo que causa a aplicaciones ser concedidas el permiso java.security.AllPermission y permite a atacantes remotos evadir restricciones de acceso."}], "id": "CVE-2014-0093", "lastModified": "2017-01-07T02:59:16.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-03T16:15:12.127", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57675"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66596"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}